CVE-2019-7303
PUBLISHED
A vulnerability in the seccomp filters of Canonical snapd before version 2.37.4 allows a strict mode snap to insert characters into a terminal on a 64-bit host. The seccomp rules were generated to match 64-bit ioctl(2) commands on a 64-bit platform; however, the Linux kernel only uses the lower 32 bits to determine which ioctl(2) commands to run. This issue affects: Canonical snapd versions prior to 2.37.4.
Risk Scores
EPSS Score: 0.93% (76.4th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | snapd | 2.0.10, 1.9, 1.9.1.1 |
| Ubuntu:14.04:LTS | snapd | 2.21~14.04.2, 2.22.3~14.04, 2.22.6~14.04 |
| Ubuntu:18.04:LTS | snapd | 2.29.4.2+18.04, 2.31.1+18.04, 2.32+18.04 |
Exploit Intelligence
- https://www.exploit-db.com/exploits/46594 (nist-nvd)
- CIRCL exploited: CVE-2019-7303 (circl-sighting)
- https://usn.ubuntu.com/3917-1/ (circl)
- snap - seccomp Blacklist for TIOCSTI can be Circumvented Exploit (0day-today)
Timeline
- Mar 21, 2019 CVE Published
- Mar 22, 2019 PoC Published
- Mar 24, 2019 PoC Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-7303 third-party-advisory
- https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SnapIoctlTIOCSTI third-party-advisory
- https://ubuntu.com/security/notices/USN-3917-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-7303 third-party-advisory